MCAI 2.0 Model Checking in Ten Minutes Edmund Clarke School of Computer Science Carnegie Mellon University.

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Chair of Software Engineering Software Verification Stephan van Staden Lecture 10: Model Checking.
SYMBOLIC MODEL CHECKING: STATES AND BEYOND J.R. Burch E.M. Clarke K.L. McMillan D. L. Dill L. J. Hwang Presented by Rehana Begam.
Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li November 22nd In PLDI 01: Programming Language.
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.
Edmund M. Clarke School of Computer Science Carnegie Mellon University Model Checking and the Verification of Computer Systems.
Grand Challenge Problem: Model Check Concurrent Software Edmund M. Clarke Department of Computer Science Carnegie Mellon University.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
Demonstration Of SPIN By Mitra Purandare
CSEP590 – Model Checking and Software Verification University of Washington Department of Computer Science and Engineering Summer 2003.
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.
Word Level Predicate Abstraction and Refinement for Verifying RTL Verilog Himanshu Jain Daniel Kroening Natasha Sharygina Edmund Clarke Carnegie Mellon.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
Model Checking for Embedded Systems Edmund Clarke, CMU High-Confidence Embedded Systems Workshop, May 1 st.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Model Checking My 27 year quest to overcome the state explosion problem Edmund Clarke Computer Science Department Computer Science Department Carnegie.
1 Carnegie Mellon UniversitySPINFlavio Lerda Bug Catching SPIN An explicit state model checker.
Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.
Grand Challenge Problem: Model Check Concurrent Software Edmund M. Clarke Department of Computer Science Carnegie Mellon University.
Lecture 1: Model Checking
Using a Formal Specification and a Model Checker to Monitor and Guide Simulation Verifying the Multiprocessing Hardware of the Alpha Microprocessor.
An Introduction to Formal Methods
Edmund M. Clarke School of Computer Science Carnegie Mellon University Lecture 2: Model Checking My 30 Year Quest to Conquer the State Explosion Problem.
Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )
B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.
Framework for the Development and Testing of Dependable and Safety-Critical Systems IKTA 065/ Supported by the Information and Communication.
10/19/2015COSC , Lecture 171 Real-Time Systems, COSC , Lecture 17 Stefan Andrei.
CS6133 Software Specification and Verification
1 Predicate Abstraction and Refinement for Verifying Hardware Designs Himanshu Jain Joint work with Daniel Kroening, Natasha Sharygina, Edmund M. Clarke.
- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -
Model Checking Overview Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA
Verification & Validation By: Amir Masoud Gharehbaghi
Reachability for Linear Hybrid Automata Using Iterative Relaxation Abstraction Sumit K. Jha, Bruce H. Krogh, James E. Weimer, Edmund M. Clarke Carnegie.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Automated Formal Verification of PLC (Programmable Logic Controller) Programs
CS357 Lecture 13: Symbolic model checking without BDDs Alex Aiken David Dill 1.
Bounded Model Checking A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic Model Checking without BDDs, TACAS’99 Presented by Daniel Choi Provable Software.
Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University.
Finding bugs with a constraint solver daniel jackson. mandana vaziri mit laboratory for computer science issta 2000.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
© Anvesh Komuravelli Spacer Model Checking with Proofs and Counterexamples Anvesh Komuravelli Carnegie Mellon University Joint work with Arie Gurfinkel,
Survey on the Formal Verification Dept. of Nuclear and Quantum Engineering NICIEL Myung Jun Song.
Counterexample-Guided Abstraction Refinement By Edmund Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith Presented by Yunho Kim Provable Software.
SAT for Software Model Checking Introduction to SAT-problem for newbie
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Basic concepts of Model Checking
Formal methods: Lecture
Formal Methods: Model Checkers and Theorem Provers
SS 2017 Software Verification Bounded Model Checking, Outlook
CIS 842: Specification and Verification of Reactive Systems
Rich Model Toolkit – An Infrastructure for Reliable Computer Systems
Presentation transcript:

MCAI 2.0 Model Checking in Ten Minutes Edmund Clarke School of Computer Science Carnegie Mellon University

MCAI 2.0 Temporal Logic Model Checking  Model checking is an automatic verification technique for finite state concurrent systems.  Developed independently by Clarke and Emerson and by Queille and Sifakis in early 1980’s.  Specifications are written in propositional temporal logic. (Pnueli 77)  Verification procedure is an intelligent exhaustive search of the state space of the design.

MCAI 2.0 Model Checking The Model Checking Problem (Clarke and Emerson 81): Let M be a state-transition graph Let f be a formula of temporal logic a U bU e.g., a U b means “a holds true Until b becomes true” Does f hold along all paths that start at initial state of M ? Preprocessor Model Checker Representation of M Formula f True or Counterexample 3 aaaab

MCAI 2.0 Advantages of Model Checking  No proofs! (algorithmic not deductive)  Fast (compared to other rigorous methods)  No problem with partial specifications  Diagnostic counterexamples Safety Property: bad state unreachable Initial State 4

MCAI 2.0 Advantages of Model Checking  No proofs! (algorithmic not deductive)  Fast (compared to other rigorous methods)  No problem with partial specifications  Diagnostic counterexamples Safety Property: bad state unreachable Initial State Counterexample 5

MCAI 2.0 Many Industrial Successes 6  Try – / * –In 94’ Pentium, it doesn’t return 0, but 256.  Intel uses the SRT algorithm for floating point division. Five entries in the lookup table are missing.  Cost: $500 million  Xudong Zhao’s Thesis on Word Level Model Checking

MCAI 2.0 The State Explosion Problem System Description State Transition Graph Combinatorial explosion of system states renders explicit model construction infeasible. Combinatorial explosion of system states renders explicit model construction infeasible. Exponential Growth of … … global state space in number of concurrent components. … memory states in memory size. Exponential Growth of … … global state space in number of concurrent components. … memory states in memory size. Feasibility of model checking inherently tied to handling state explosion.

MCAI 2.0 CEGAR CounterExample-Guided Abstraction Refinement C Program InitialAbstraction Simulator No error or bug found Propertyholds Simulationsucessful Bug found Abstraction refinement Refinement Model CheckerVerification Spurious counterexample Counterexample Abstract Model

MCAI 2.0 Combating the State Explosion  Binary Decision Diagrams can be used to represent state transition systems more efficiently.  Symbolic Model Checking 1992  Semantic techniques for alleviating state explosion: –Partial Order Reduction. –Abstraction. –Compositional reasoning. –Symmetry. –Cone of influence reduction. –Semantic minimization.

MCAI 2.0 Model Checking since Clarke / Emerson: CTL Model Checking Sifakis / Quielle 1982EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990Symbolic Model Checking Burch, Clarke, Dill, McMillan 1992SMV: Symbolic Model Verifier McMillan 1998 Bounded Model Checking using SAT Biere, Clarke, Zhu 2000Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith s: Formal Hardware Verification in Industry: Intel, IBM, Motorola, etc.

MCAI 2.0 Model Checking since Clarke / Emerson: CTL Model Checking Sifakis / Quielle 1982EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990Symbolic Model Checking Burch, Clarke, Dill, McMillan 1992SMV: Symbolic Model Verifier McMillan 1998 Bounded Model Checking using SAT Biere, Clarke, Zhu 2000Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith CBMC MAGIC

MCAI 2.0 Grand Challenge: Model Check Software ! What makes Software Model Checking different ?

MCAI 2.0 What Makes Software Model Checking Different ?  Large/unbounded base types: int, float, string  User-defined types/classes  Pointers/aliasing + unbounded #’s of heap-allocated cells  Procedure calls/recursion/calls through pointers/dynamic method lookup/overloading  Concurrency + unbounded #’s of threads

MCAI 2.0 What Makes Software Model Checking Different ?  Templates/generics/include files  Interrupts/exceptions/callbacks  Use of secondary storage: files, databases  Absent source code for: libraries, system calls, mobile code  Esoteric features: continuations, self-modifying code  Size (e.g., MS Word = 1.4 MLOC)

MCAI 2.0 Software Example: Device Driver Code Also according to Wired News : “Microsoft has developed a tool called Static Device Verifier or SDV, that uses ‘Model Checking’ to analyze the source code for Windows drivers and see if the code that the programmer wrote matches a mathematical model of what a Windows device driver should do. If the driver doesn’t match the model, the SDV warns that the driver might contain a bug.”

MCAI Mars Polar Lander (1999) landing-logic error Spirit Mars Rover (2004) file-system error Aerospace Systems: Software Driven! Mission Loss 16 Airbus A380 Flight Deck Do you trust flight software?

MCAI 2.0  Scalability: each new Mars mission employs more software than all previous Mars missions together  Often no models, only code: software written in C, sometimes without the help of formal models  MCAI 2.0 can be used to extract abstract models from source code, analyze generated models, drive C-code testers, … 17 Embedded Systems Need MCAI

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.